renamed 27001 EN versions
parent 928b85a4db
commit a26b03c1fa
170 changed files with 21 additions and 535 deletions
@ -5,7 +5,7 @@ The organization shall determine the boundaries and applicability of the informa
|
|||
|
||||
When determining this scope, the organization shall consider:
|
||||
|
||||
a\) the external and internal issues referred to in [4.1](ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md);
|
||||
a\) the external and internal issues referred to in [4.1](c-4.1-Understanding-the-organization-and-its-context.md);
|
||||
|
||||
b\) the requirements referred to in [4.2](../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md);
|
||||
|
||||
|
|
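Review bot: item b) in this hunk is left untouched while item a) is migrated, so clause 4.3 now mixes the two naming schemes: a) points at `c-4.1-Understanding-the-organization-and-its-context.md`, but b) still points at `../../MoCs/ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md`. That MoC note is one of the `ISO_27001_2022_*_MoC` files this same commit deletes (see the `@@ -1,52 +0,0 @@` index hunk and the "About C4.2" hunk below), so the b) link will most likely dangle after merge. Rewrite it to the new `c-4.2-...` name in the same hunk, or have the rename script rewrite link targets as well as file names so these are not fixed one by one by hand.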
@ -1,6 +1,6 @@
|
|||
### 6.1.1 General
|
||||
|
||||
When planning for the information security management system, the organization shall consider the issues referred to in [4.1](ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md) and the requirements referred to in [4.2](ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) and determine the risks and opportunities that need to be addressed to:
|
||||
When planning for the information security management system, the organization shall consider the issues referred to in [4.1](c-4.1-Understanding-the-organization-and-its-context.md) and the requirements referred to in [4.2](ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) and determine the risks and opportunities that need to be addressed to:
|
||||
|
||||
a\) ensure the information security management system can achieve its intended outcome(s);
|
||||
|
||||
|
|
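Review bot: only the first of the two links on the changed line was migrated. `[4.1](c-4.1-Understanding-the-organization-and-its-context.md)` uses the new scheme, but `[4.2](ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md)` on the very same line still uses the old `ISO_27001_2022_OT` name, which is exactly the pattern the rename script in this commit turns into `c-4.2-Understanding-the-needs-and-expectations-of-interested-parties.md`. Update both links in one pass so 6.1.1 does not ship with one working and one broken reference.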
@ -16,7 +16,7 @@ fi
|
|||
# Adjust OBSIDIAN_CLI to the command you actually use (e.g. `obsidian`).
|
||||
: ${OBSIDIAN_CLI:=obsidian}
|
||||
|
||||
files=(ISO27001-2023-NL-*.md(N))
|
||||
files=(ISO_27001*.md(N))
|
||||
if (( ${#files} == 0 )); then
|
||||
print 'No matching files found.'
|
||||
exit 0
|
||||
|
|
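Review bot: the new glob `files=(ISO_27001*.md(N))` is far broader than the old `files=(ISO27001-2023-NL-*.md(N))`: it matches every file whose name begins with `ISO_27001`, including names such as `ISO_27001_OT F Foreword.md` and `ISO_27001_OT Terms and definitions.md` that the deleted index in this same commit lists, and which have no numeric clause and therefore cannot match the `([0-9.]+)` regex applied in the next hunk. Those files will be picked up and then silently dropped. Either narrow the glob to the files the regex actually handles (e.g. `ISO_27001*_OT [0-9]*.md(N)`) or add an explicit `else` branch that prints the names that were skipped, so a run that leaves files unrenamed is visible rather than silent.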
@ -24,9 +24,17 @@ fi
|
|||
|
||||
for src in "$files[@]"; do
|
||||
base=${src:t}
|
||||
if [[ $base =~ '^ISO27001-2023-NL-([0-9]+\.?[0-9]*)\.md$' ]]; then
|
||||
version=${match[1]}
|
||||
target="c-${version}.md"
|
||||
# Match both ISO_27001_OT and ISO_27001_2022_OT patterns
|
||||
if [[ $base =~ '^ISO_27001(_2022)?_OT ([0-9.]+) (.+)\.md$' ]]; then
|
||||
version=${match[2]#_}
|
||||
title=${match[3]}
|
||||
target="c-${version}-${title}.md"
|
||||
# Replace spaces with dashes
|
||||
target=${target// /-}
|
||||
# Remove commas
|
||||
target=${target//,}
|
||||
# Prevent double dashes
|
||||
target=${target//--/-}
|
||||
if [[ $src == $target ]]; then
|
||||
print "SKIP $src"
|
||||
continue
|
||||
|
|
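Review bot: `version=${match[2]#_}` strips a leading underscore from a capture that is `([0-9.]+)` and can never start with `_`, while the optional `(_2022)?` group is captured into `match[1]` and never used; it looks like the `#_` was meant for `match[1]`, and as written it is dead code that will confuse the next reader. Two smaller points in the same hunk: `target=${target//--/-}` is a single non-overlapping pass, so a title containing ` - ` (which becomes `---` after the space-to-dash step) collapses to `--`, not `-`; a loop until no `--` remains, or `sed -E 's/-+/-/g'`, would be robust. And since `base=${src:t}` is computed on the line above, the skip test should compare `$base == $target` rather than `$src == $target`, otherwise the SKIP branch only works when the script is run from inside the directory. There is also still no `else` for names that fail the regex, so any such file falls through without a message.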
@ -107,6 +107,6 @@ Indien traditionele toegangscontroles niet kunnen worden afgedwongen, kunnen tec
|
|||
|
||||
met informatie, om te beperken wie er toegang kan krijgen tot de inhoud en hoe men deze kan krijgenit kan op granulair niveau zijn en worden aangepast gedurende de levenscyclus van de informatie.
|
||||
|
||||
Technieken voor het beheer van dynamische toegang zijn geen vervangers van klassiek toegangsbeheer [bijvet gebruik van lijsten voor toegangsbeheer (ACL's)], maar ze kunnen meer factoren toevoegen voor conditionaliteit, realtime-evaluatie, just-in-timedatabeperking en andere verbeteringen die nuttig kunnen zijn voor de meest gevoelige informatieit biedt een manier om toegang buiten de omgeving van de organisatie te beveiligenncidentrespons kan worden ondersteund door technieken voor het beheer van dynamische toegang aangezien rechten te allen tijde kunnen worden gewijzigd of ingetrokken.
|
||||
Technieken voor het beheer van dynamische toegang zijn geen vervangers van klassiek toegangsbeheer \[bijv. het gebruik van lijsten voor toegangsbeheer (ACL's)\], maar ze kunnen meer factoren toevoegen voor conditionaliteit, realtime-evaluatie, just-in-timedatabeperking en andere verbeteringen die nuttig kunnen zijn voor de meest gevoelige informatieit biedt een manier om toegang buiten de omgeving van de organisatie te beveiligenncidentrespons kan worden ondersteund door technieken voor het beheer van dynamische toegang aangezien rechten te allen tijde kunnen worden gewijzigd of ingetrokken.
|
||||
|
||||
Aanvullende informatie over een kader voor toegangsbeheer wordt gegeven in ISO/IEC 29146.
|
||||
|
|
|
|||
|
|
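Review bot: the bracket escaping and the `bijvet` → `bijv. het` correction are right, but the rest of the changed line is still run together and should be fixed in the same pass: `informatieit biedt` and `beveiligenncidentrespons`, and `krijgenit kan` on the unchanged context line above, all look like a period plus the following capital (`. D`, `. I`) was lost when the text was pasted. Since this hunk only touches the one line, the paragraph will remain unreadable after merge; fixing the sentence boundaries here avoids a second follow-up commit on the same file.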
@ -1,113 +0,0 @@
|
|||
#iso27002/2022/EN
|
||||
# ISO 27002:2022 EN Index
|
||||
|
||||
| 2022 ID | Control title | 2013 |
|
||||
| ------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
|
||||
| **F** | **[[ISO_27002_OT_F Foreword \|Foreword]]** | |
|
||||
| **0** | **[[ISO_27002_OT_0 Introduction \|Introduction]]** | |
|
||||
| **1** | **[[ISO_27002_OT_1 Scope \|Scope]]** | |
|
||||
| **2** | **[[ISO_27002_OT_2 Normative references\|Normative references]]** | |
|
||||
| **3** | **Terms, definitions and abbreviated terms** | |
|
||||
| 3.1 | **[[ISO_27002_OT_3.1 Terms and definitions\|Terms and definitions]]** | |
|
||||
| 3.2 | **[[ISO_27002_OT_3.2 Abbreviated terms\|Abbreviated terms]]** | |
|
||||
| **4** | **Structure of this document** | |
|
||||
| 4.1 | [[ISO_27002_OT_4.1 Clauses \| Clauses ]] | |
|
||||
| 4.2 | [[ISO_27002_OT_4.2 Themes and attributes \| Themes and attributes ]] | |
|
||||
| 4.3 | [[ISO_27002_OT_4.3 Control layout \| Control layout ]] | |
|
||||
| **5** | **Organizational controls** | |
|
||||
| 5.1 | [Policies for information security ](../../../../🧱%20Projects/iso27DIY%20mk%20I/ISO_27002_2022_5.1_MoC%20Policies%20for%20information%20security.md) | 05.1.1, 05.1.2 |
|
||||
| 5.2 | [Information security roles and responsibilities ](ISO_27002_2022_5.2_MoC%20Information%20security%20roles%20and%20responsibilities.md) | 06.1.1 |
|
||||
| 5.3 | [Segregation of duties ](ISO_27002_2022_5.3_MoC%20Segregation%20of%20duties.md) | 06.1.2 |
|
||||
| 5.4 | [Management responsibilities ](ISO_27002_2022_5.4_MoC%20Management%20responsibilities.md) | 07.2.1 |
|
||||
| 5.5 | [Contact with authorities ](ISO_27002_2022_5.5_MoC%20Contact%20with%20authorities.md) | 06.1.3 |
|
||||
| 5.6 | [Contact with special interest groups ](ISO_27002_2022_5.6_MoC%20Contact%20with%20special%20interest%20groups.md) | 06.1.4 |
|
||||
| 5.7 | [Threat intelligence ](ISO_27002_2022_5.7_MoC%20Threat%20intelligence.md) | New |
|
||||
| 5.8 | [Information security in project management ](ISO_27002_2022_5.8_MoC%20Information%20security%20in%20project%20management.md) | 06.1.5, 14.1.1 |
|
||||
| 5.9 | [Inventory of information and other associated assets ](../../../../ISO_27002_2022_5.9_MoC%20Inventory%20of%20information%20and%20other%20associated%20assets.md) | 08.1.1, 08.1.2 |
|
||||
| 5.10 | [Acceptable use of information and other associated assets ](ISO_27002_2022_5.10_MoC%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md) | 08.1.3, 08.2.3 |
|
||||
| 5.11 | [Return of assets ](ISO_27002_2022_5.11_MoC%20Return%20of%20assets.md) | 08.1.4 |
|
||||
| 5.12 | [Classification of information ](ISO_27002_2022_5.12_MoC%20Classification%20of%20information.md) | 08.2.1 |
|
||||
| 5.13 | [Labelling of information ](ISO_27002_2022_5.13_MoC%20Labelling%20of%20information.md) | 08.2.2 |
|
||||
| 5.14 | [Information transfer ](ISO_27002_2022_5.14_MoC%20Information%20transfer.md) | 13.2.1, 13.2.2, 13.2.3 |
|
||||
| 5.15 | [Access control ](ISO_27002_2022_5.15_MoC%20Access%20control.md) | 09.1.1, 09.1.2 |
|
||||
| 5.16 | [Identity management ](ISO_27002_2022_5.16_MoC%20Identity%20management.md) | 09.2.1 |
|
||||
| 5.17 | [Authentication information ](ISO_27002_2022_5.17_MoC%20Authentication%20information.md) | 09.2.4, 09.3.1, 09.4.3 |
|
||||
| 5.18 | [Access rights ](ISO_27002_2022_5.18_MoC%20Access%20rights.md) | 09.2.2, 09.2.5, 09.2.6 |
|
||||
| 5.19 | [Information security in supplier relationships ](ISO_27002_2022_5.19_MoC%20Information%20security%20in%20supplier%20relationships.md) | 15.1.1 |
|
||||
| 5.20 | [Addressing information security within supplier agreements ](ISO_27002_2022_5.20_MoC%20Addressing%20information%20security%20within%20supplier%20agreements.md) | 15.1.2 |
|
||||
| 5.21 | [Managing information security in the ICT supply chain ](ISO_27002_2022_5.21_MoC%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md) | 15.1.3 |
|
||||
| 5.22 | [Monitoring, review and change management of supplier services ](ISO_27002_2022_5.22_MoC%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md) | 15.2.1, 15.2.2 |
|
||||
| 5.23 | [Information security for use of cloud services ](ISO_27002_2022_5.23_MoC%20Information%20security%20for%20use%20of%20cloud%20services.md) | New |
|
||||
| 5.24 | [Information security incident management planning and preparation ](ISO_27002_2022_5.24_MoC%20Information%20security%20incident%20management%20planning%20and%20preparation.md) | 16.1.1 |
|
||||
| 5.25 | [Assessment and decision on information security events ](ISO_27002_2022_5.25_MoC%20Assessment%20and%20decision%20on%20information%20security%20events.md) | 16.1.4 |
|
||||
| 5.26 | [Response to information security incidents ](ISO_27002_2022_5.26_MoC%20Response%20to%20information%20security%20incidents.md) | 16.1.5 |
|
||||
| 5.27 | [Learning from information security incidents ](ISO_27002_2022_5.27_MoC%20Learning%20from%20information%20security%20incidents.md) | 16.1.6 |
|
||||
| 5.28 | [Collection of evidence ](ISO_27002_2022_5.28_MoC%20Collection%20of%20evidence.md) | 16.1.7 |
|
||||
| 5.29 | [Information security during disruption ](ISO_27002_2022_5.29_MoC%20Information%20security%20during%20disruption.md) | 17.1.1, 17.1.2, 17.1.3 |
|
||||
| 5.30 | [ICT readiness for business continuity ](ISO_27002_2022_5.30_MoC%20ICT%20readiness%20for%20business%20continuity.md) | New |
|
||||
| 5.31 | [Legal, statutory, regulatory and contractual requirements ](ISO_27002_2022_5.31_MoC%20Legal,%20statutory,%20regulatory%20and%20contractual%20requirements.md) | 18.1.1, 18.1.5 |
|
||||
| 5.32 | [Intellectual property rights ](ISO_27002_2022_5.32_MoC%20Intellectual%20property%20rights.md) | 18.1.2 |
|
||||
| 5.33 | [Protection of records ](ISO_27002_2022_5.33_MoC%20Protection%20of%20records.md) | 18.1.3 |
|
||||
| 5.34 | [Privacy and protection of PII ](ISO_27002_2022_5.34_MoC%20Privacy%20and%20protection%20of%20PII.md) | 18.1.4 |
|
||||
| 5.35 | [Independent review of information security ](ISO_27002_2022_5.35_MoC%20Independent%20review%20of%20information%20security.md) | 18.2.1 |
|
||||
| 5.36 | [Compliance with policies, rules and standards for information security](ISO_27002_2022_5.36_MoC%20Compliance%20with%20policies,%20rules%20and%20standards%20for%20information%20security.md) | 18.2.2, 18.2.3 |
|
||||
| 5.37 | [Documented operating procedures ](ISO_27002_2022_5.37_MoC%20Documented%20operating%20procedures.md) | 12.1.1 |
|
||||
| **6** | **People controls** | |
|
||||
| 6.1 | [Screening ](ISO_27002_2022_6.1_MoC%20Screening.md) | 07.1.1 |
|
||||
| 6.2 | [Terms and conditions of employment ](ISO_27002_2022_6.2_MoC%20Terms%20and%20conditions%20of%20employment.md) | 07.1.2 |
|
||||
| 6.3 | [Information security awareness, education and training ](ISO_27002_2022_6.3_MoC%20Information%20security%20awareness,%20education%20and%20training.md) | 07.2.2 |
|
||||
| 6.4 | [Disciplinary process ](ISO_27002_2022_6.4_MoC%20Disciplinary%20process.md) | 07.2.3 |
|
||||
| 6.5 | [Responsibilities after termination or change of employment ](ISO_27002_2022_6.5_MoC%20Responsibilities%20after%20termination%20or%20change%20of%20employment.md) | 07.3.1 |
|
||||
| 6.6 | [Confidentiality or non-disclosure agreements ](ISO_27002_2022_6.6_MoC%20Confidentiality%20or%20non-disclosure%20agreements.md) | 13.2.4 |
|
||||
| 6.7 | [Remote working ](ISO_27002_2022_6.7_MoC%20Remote%20working.md) | 06.2.2 |
|
||||
| 6.8 | [Information security event reporting ](ISO_27002_2022_6.8_MoC%20Information%20security%20event%20reporting.md) | 16.1.2, 16.1.3 |
|
||||
| **7** | **Physical controls** | |
|
||||
| 7.1 | [Physical security perimeters ](ISO_27002_2022_7.1_MoC%20Physical%20security%20perimeters.md) | 11.1.1 |
|
||||
| 7.2 | [Physical entry ](ISO_27002_2022_7.2_MoC%20Physical%20entry.md) | 11.1.2, 11.1.6 |
|
||||
| 7.3 | [Securing offices, rooms and facilities ](ISO_27002_2022_7.3_MoC%20Securing%20offices,%20rooms%20and%20facilities.md) | 11.1.3 |
|
||||
| 7.4 | [Physical security monitoring ](ISO_27002_2022_7.4_MoC%20Physical%20security%20monitoring.md) | New |
|
||||
| 7.5 | [Protecting against physical and environmental threats ](ISO_27002_2022_7.5_MoC%20Protecting%20against%20physical%20and%20environmental%20threats.md) | 11.1.4 |
|
||||
| 7.6 | [Working in secure areas ](ISO_27002_2022_7.6_MoC%20Working%20in%20secure%20areas.md) | 11.1.5 |
|
||||
| 7.7 | [Clear desk and clear screen ](ISO_27002_2022_7.7_MoC%20Clear%20desk%20and%20clear%20screen.md) | 11.2.9 |
|
||||
| 7.8 | [Equipment siting and protection ](ISO_27002_2022_7.8_MoC%20Equipment%20siting%20and%20protection.md) | 11.2.1 |
|
||||
| 7.9 | [Security of assets off-premises ](ISO_27002_2022_7.9_MoC%20Security%20of%20assets%20off-premises.md) | 11.2.6 |
|
||||
| 7.10 | [Storage media ](ISO_27002_2022_7.10_MoC%20Storage%20media.md) | 08.3.1, 08.3.2, 08.3.3, 11.2.5 |
|
||||
| 7.11 | [Supporting utilities ](ISO_27002_2022_7.11_MoC%20Supporting%20utilities.md) | 11.2.2 |
|
||||
| 7.12 | [Cabling security ](ISO_27002_2022_7.12_MoC%20Cabling%20security.md) | 11.2.3 |
|
||||
| 7.13 | [Equipment maintenance ](ISO_27002_2022_7.13_MoC%20Equipment%20maintenance.md) | 11.2.4 |
|
||||
| 7.14 | [Secure disposal or re-use of equipment ](ISO_27002_2022_7.14_MoC%20Secure%20disposal%20or%20re-use%20of%20equipment.md) | 11.2.7 |
|
||||
| **8** | **Technological controls** | |
|
||||
| 8.1 | [User endpoint devices ](ISO_27002_2022_8.1_MoC%20User%20endpoint%20devices.md) | 06.2.1, 11.2.8 |
|
||||
| 8.2 | [Privileged access rights ](ISO_27002_2022_8.2_MoC%20Privileged%20access%20rights.md) | 09.2.3 |
|
||||
| 8.3 | [Information access restriction ](ISO_27002_2022_8.3_MoC%20Information%20access%20restriction.md) | 09.4.1 |
|
||||
| 8.4 | [Access to source code ](ISO_27002_2022_8.4_MoC%20Access%20to%20source%20code.md) | 09.4.5 |
|
||||
| 8.5 | [Secure authentication ](ISO_27002_2022_8.5_MoC%20Secure%20authentication.md) | 09.4.2 |
|
||||
| 8.6 | [Capacity management ](ISO_27002_2022_8.6_MoC%20Capacity%20management.md) | 12.1.3 |
|
||||
| 8.7 | [Protection against malware ](ISO_27002_2022_8.7_MoC%20Protection%20against%20malware.md) | 12.2.1 |
|
||||
| 8.8 | [Management of technical vulnerabilities ](ISO_27002_2022_8.8_MoC%20Management%20of%20technical%20vulnerabilities.md) | 12.6.1, 18.2.3 |
|
||||
| 8.9 | [Configuration management ](ISO_27002_2022_8.9_MoC%20Configuration%20management.md) | New |
|
||||
| 8.10 | [Information deletion ](ISO_27002_2022_8.10_MoC%20Information%20deletion.md) | New |
|
||||
| 8.11 | [Data masking ](ISO_27002_2022_8.11_MoC%20Data%20masking.md) | New |
|
||||
| 8.12 | [Data leakage prevention ](ISO_27002_2022_8.12_MoC%20Data%20leakage%20prevention.md) | New |
|
||||
| 8.13 | [Information backup ](ISO_27002_2022_8.13_MoC%20Information%20backup.md) | 12.3.1 |
|
||||
| 8.14 | [Redundancy of information processing facilities ](ISO_27002_2022_8.14_MoC%20Redundancy%20of%20information%20processing%20facilities.md) | 17.2.1 |
|
||||
| 8.15 | [Logging ](ISO_27002_2022_8.15_MoC%20Logging.md) | 12.4.1, 12.4.2, 12.4.3 |
|
||||
| 8.16 | [Monitoring activities ](ISO_27002_2022_8.16_MoC%20Monitoring%20activities.md) | New |
|
||||
| 8.17 | [Clock synchronization ](ISO_27002_2022_8.17_MoC%20Clock%20synchronization.md) | 12.4.4 |
|
||||
| 8.18 | [Use of privileged utility programs ](ISO_27002_2022_8.18_MoC%20Use%20of%20privileged%20utility%20programs.md) | 09.4.4 |
|
||||
| 8.19 | [Installation of software on operational systems ](ISO_27002_2022_8.19_MoC%20Installation%20of%20software%20on%20operational%20systems.md) | 12.5.1, 12.6.2 |
|
||||
| 8.20 | [Networks security ](ISO_27002_2022_8.20_MoC%20Networks%20security.md) | 13.1.1 |
|
||||
| 8.21 | [Security of network services ](ISO_27002_2022_8.21_MoC%20Security%20of%20network%20services.md) | 13.1.2 |
|
||||
| 8.22 | [Segregation of networks ](ISO_27002_2022_8.22_MoC%20Segregation%20of%20networks.md) | 13.1.3 |
|
||||
| 8.23 | [Web filtering ](ISO_27002_2022_8.23_MoC%20Web%20filtering.md) | New |
|
||||
| 8.24 | [Use of cryptography ](ISO_27002_2022_8.24_MoC%20Use%20of%20cryptography.md) | 10.1.1, 10.1.2 |
|
||||
| 8.25 | [Secure development life cycle ](ISO_27002_2022_8.25_MoC%20Secure%20development%20life%20cycle.md) | 14.2.1 |
|
||||
| 8.26 | [Application security requirements ](ISO_27002_2022_8.26_MoC%20Application%20security%20requirements.md) | 14.1.2, 14.1.3 |
|
||||
| 8.27 | [Secure system architecture and engineering principles ](ISO_27002_2022_8.27_MoC%20Secure%20system%20architecture%20and%20engineering%20principles.md) | 14.2.5 |
|
||||
| 8.28 | [Secure coding ](ISO_27002_2022_8.28_MoC%20Secure%20coding.md) | New |
|
||||
| 8.29 | [Security testing in development and acceptance ](ISO_27002_2022_8.29_MoC%20Security%20testing%20in%20development%20and%20acceptance.md) | 14.2.8, 14.2.9 |
|
||||
| 8.30 | [Outsourced development ](ISO_27002_2022_8.30_MoC%20Outsourced%20development.md) | 14.2.7 |
|
||||
| 8.31 | [Separation of development, test and production environments ](ISO_27002_2022_8.31_MoC%20Separation%20of%20development,%20test%20and%20production%20environments.md) | 12.1.4, 14.2.6 |
|
||||
| 8.32 | [Change management ](ISO_27002_2022_8.32_MoC%20Change%20management.md) | 12.1.2, 14.2.2, 14.2.3, 14.2.4 |
|
||||
| 8.33 | [Test information ](ISO_27002_2022_8.33_MoC%20Test%20information.md) | 14.3.1 |
|
||||
| 8.34 | [Protection of information systems during audit testing ](ISO_27002_2022_8.34_MoC%20Protection%20of%20information%20systems%20during%20audit%20testing.md) | 12.7.1 |
|
||||
|
|
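Review bot: this hunk deletes the entire ISO 27002:2022 EN index, including the 2022-to-2013 control mapping column (rows such as `| 5.14 | [Information transfer ](...) | 13.2.1, 13.2.2, 13.2.3 |`), and nothing in the diff adds a replacement. The commit message only says "renamed 27001 EN versions", so removing the 27002 index here is neither a rename nor mentioned. If the index is being regenerated under the new `c-` naming, the regenerated file belongs in this commit; otherwise this is a silent loss of the 2013 cross-reference data and should be split out and called out explicitly.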
@ -1,52 +0,0 @@
|
|||
#iso27001/2022/EN
|
||||
# ISO 27001:2022 EN Index
|
||||
|
||||
| Clause | Title |
|
||||
| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| **F** | **[Foreword](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20F%20Foreword.md)** |
|
||||
| **0** | **[Introduction](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%200%20Introduction.md)** |
|
||||
| **1** | **[Scope](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%201%20Scope.md)** |
|
||||
| **2** | **[Normative references](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%202%20Normative%20references.md)** |
|
||||
| **3** | **[Terms and definitions](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%20Terms%20and%20definitions.md)** |
|
||||
| **4** | **[Context of the organization](ISO_27001_2022_4_MoC%20Context%20of%20the%20organization.md)** |
|
||||
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
|
||||
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
|
||||
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
|
||||
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
|
||||
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
|
||||
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
|
||||
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
|
||||
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
|
||||
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
|
||||
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
|
||||
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
|
||||
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
|
||||
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
|
||||
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
|
||||
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
|
||||
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
|
||||
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
|
||||
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
|
||||
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
|
||||
| 7.5.1 | General ↑ |
|
||||
| 7.5.2 | Creating and updating ↑ |
|
||||
| 7.5.3 | Control of documented information ↑ |
|
||||
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
|
||||
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
|
||||
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
|
||||
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
|
||||
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
|
||||
| 9.2.1 | General ↑ |
|
||||
| 9.2.2 | Internal audit programme ↑ |
|
||||
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
|
||||
| 9.3.1 | General ↑ |
|
||||
| 9.3.2 | Management review inputs ↑ |
|
||||
| 9.3.3 | Management review results ↑ |
|
||||
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
|
||||
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
|
||||
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
|
||||
| **[Annex A](ISO_27001_2022_00_MoC%20Index%20EXT.md)** | **Information security controls reference** |
|
||||
|
|
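Review bot: the ISO 27001:2022 EN index is deleted without a replacement in this diff, and its rows are the only record in the commit of the `ISO_27001_OT%20F%20Foreword.md` and `ISO_27001_OT%20Terms%20and%20definitions.md` names. Neither of those matches the rename script's `([0-9.]+)` clause pattern, so after this commit there is no index and no script path that says what those two files became. Add the regenerated index (or at least list the new names in the commit message) so the rename is reconstructible.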
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.1%20Continual%20improvement.md)
|
||||
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%2010.1%20Continual%20improvement.md)
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%2010.2%20Nonconformity%20and%20corrective%20action.md)
|
||||
|
||||
[[ISO_27001_PE 10.2 Nonconformity and corrective action\|Plain English]]
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# Chapter 10: Improvement
|
||||
|
||||
| **10** | **[Improvement](ISO_27001_2022_10_MoC%20Improvement.md)** |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 10.1 | [Continual improvement ](ISO_27001_2022_10.1_MoC%20Continual%20improvement.md) |
|
||||
| 10.2 | [Nonconformity and corrective action ](ISO_27001_2022_10.2_MoC%20Nonconformity%20and%20corrective%20action.md) |
|
||||
|
|
@ -1,20 +0,0 @@
|
|||
# About C4.1: Understanding the organization and its context
|
||||
From ISO 27001:2022
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.1%20Understanding%20the%20organization%20and%20its%20context.md)
|
||||
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_2022_PE%204.1%20Understanding%20the%20organization%20and%20its%20context.md) translation
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# About C4.2: Understanding the needs and expectations of interested parties
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.2%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md)
|
||||
|
||||
[[ISO_27001_PE 4.2 Understanding the needs and expectations of interested parties\|Plain English]]
|
||||
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# About C4.3 Determining the scope of the information security management system
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.3%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md)
|
||||
|
||||
[[ISO_27001_PE 4.3 Determining the scope of the information security management system\|Plain English]]
|
||||
|
||||
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
# About C4.4: Information security management system
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%204.4%20Information%20security%20management%20system.md)
|
||||
|
||||
[[ISO_27001_PE 4.4 Information security management system\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md)
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# Chapter 4: Context of the organization
|
||||
|
||||
| **4** | **Context of the organization** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 4.1 | [Understanding the organization and its context ](ISO_27001_2022_4.1_MoC%20Understanding%20the%20organization%20and%20its%20context.md) |
|
||||
| 4.2 | [Understanding the needs and expectations of interested parties ](ISO_27001_2022_4.2_MoC%20Understanding%20the%20needs%20and%20expectations%20of%20interested%20parties.md) |
|
||||
| 4.3 | [Determining the scope of the information security management system ](ISO_27001_2022_4.3_MoC%20Determining%20the%20scope%20of%20the%20information%20security%20management%20system.md) |
|
||||
| 4.4 | [Information security management system ](ISO_27001_2022_4.4_MoC%20Information%20security%20management%20system.md) |
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# About Clause 5.1: Leadership and commitment
|
||||
|
||||
Describes the responsibilities of 'Top management' with regards to the ISMS.
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.1%20Leadership%20and%20commitment.md)
|
||||
|
||||
[[ISO_27001_PE 5.1 Leadership and commitment\|Plain English]]
|
||||
|
||||
Related:
|
||||
- [Clause 9.3](ISO_27001_2022_9.3_MoC%20Management%20review.md), Management review
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
# About Clause 5.2: Policy
|
||||
|
||||
The information security policy as established by top management
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.2%20Policy.md)
|
||||
|
||||
[[ISO_27001_PE 5.2 Policy\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)
|
||||
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
# About Clause 5.3: Organizational roles, responsibilities and authorities
|
||||
|
||||
Top management must make sure that responsibilities and authorities for information security roles are assigned and communicated within the organization.
|
||||
|
||||
Top management specifically needs to assign responsibility and authority for ensuring the ISMS's compliance with the standard, and for reporting[^1] on it's performance (apparently, assigning *other* responsibilities and authorities need *not* be a top management concern).
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_2022_OT%205.3%20Organizational%20roles,%20responsibilities%20and%20authorities.md)
|
||||
|
||||
[[ISO_27001_PE 5.3 Organizational roles, responsibilities and authorities\|Plain English]]
|
||||
|
||||
[PECB Auditor training: Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md)
|
||||
|
||||
|
||||
|
||||
[^1]: Note that 'reporting' (5.3b) means carrying responsibility and being accountable (for the performance of the ISMS), not just giving information.
|
||||
|
|
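Review bot: this hunk removes authored commentary, not just a link stub: the paragraph on top management assigning responsibility for the ISMS's compliance and for reporting on its performance, and footnote `[^1]` explaining that 'reporting' (5.3b) means carrying accountability rather than merely giving information, are deleted with no corresponding addition anywhere in the diff. A commit described as a rename should not drop prose; move the text into the renamed note in this commit, or split the deletion into its own commit with a message that says the content is intentionally removed.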
@ -1,11 +0,0 @@
|
|||
# Chapter 5: Leadership
|
||||
|
||||
| **5** | **[Leadership](ISO_27001_2022_5_MoC%20Leadership.md)** |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 5.1 | [Leadership and commitment ](ISO_27001_2022_5.1_MoC%20Leadership%20and%20commitment.md) |
|
||||
| 5.2 | [Policy ](ISO_27001_2022_5.2_MoC%20Policy.md) |
|
||||
| 5.3 | [Organizational roles, responsibilities and authorities ](ISO_27001_2022_5.3_MoC%20Organizational%20roles,%20responsibilities%20and%20authorities.md) |
|
||||
|
||||
[Context of the organization](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01a%20-%20Context%20of%20the%20organization.md) from the PECB Auditor training
|
||||
[Leadership](../../../../👩🏼⚖️%20Standards%20and%20Regulations/ISO%2027K/PECB%20Lead%20Auditor%20Training%2027001/PECB%2027001%20LA%20S05%20E01b%20-%20Leadership.md) from the PECB Auditor training
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
### 6.1.1 General
|
||||
|
||||
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.1%20General.md)
|
||||
- [[ISO_27001_PE 6.1.1 General\|Plain English]]
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
# About Clause 6.1.2: I| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
|
||||
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
|
||||
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
|
||||
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |rity investments will deliver the most value. This is in line with the ISO 31000 standard for Risk Management #research title? , which recommends categorizing risks based on your organization’s context and objectives.
|
||||
|
||||
Different organizations worry about different kinds of risks, based on their mission, industry, and stakeholder expectations. An engineering firm may worry about their designs being stolen (protection of intellectual property) and construction errors due to incorrect data or calculations (integrity of information). A hospital will worry about continuity (availability of information) and patient confidentiality. A social media advertising platform, may care less about compliance with privacy regulations, but place great emphasis on uptime of systems.
|
||||
|
||||
To help in this dialogue about risks and risk tolerance, we can use the concept of 'Impact Categories'.
|
||||
## Impact Categories
|
||||
Impact Categories are the types of business consequences that matter most to an organization's leadership, because they affect the organization's ability to achieve its objectives.
|
||||
|
||||
Below is a list of examples of Impact Categories:
|
||||
|
||||
- **Operational**: Disruption of day-to-day processes, workforce capability, system functionality, and the organization's ability to deliver products or services
|
||||
- **Financial**: Direct financial losses, increased costs, reduced revenue, market value decline, or threats to financial stability
|
||||
- **Strategic**: Inability to achieve long-level organizational goals, loss of competitive position, or forced changes to business direction
|
||||
- **Compliance**: Legal penalties, regulatory sanctions, loss of licenses or certifications, or mandatory remediation costs
|
||||
- **Reputational**: Loss of customer trust, damage to brand value, negative media attention, or erosion of stakeholder confidence
|
||||
- **Health and Safety**: Physical harm to employees, customers, or the public, or creation of unsafe conditions
|
||||
- **Environmental**: Environmental damage, pollution incidents, or failure to meet sustainability commitments
|
||||
- **Competitive Advantage**: Loss of proprietary knowledge, patents, trade secrets, or strategic business intelligence
|
||||
- **National Security**: Consequences for critical infrastructure, public safety, or national interests
|
||||
|
||||
You can expand and adapt this list as you see fit. Engage your management in a dialogue about areas of impact, and aim to establish the categories that are most important to them. This will help in weighing priorities later on.
|
||||
|
||||
## qualifying or quantifying risks?
|
||||
|
||||
**Qualifying risks** (qualitative risk assessment) involves describing and categorizing risks using descriptive scales or labels—such as rating likelihood as "low, medium, high" and impact as "minor, moderate, severe"—focusing on understanding the nature and relative severity of risks without precise numerical values.
|
||||
|
||||
**Quantifying risks** (quantitative risk assessment) involves measuring risks using specific numerical values—such as calculating the probability as a percentage (e.g., 15% chance per year) and impact in monetary terms (e.g., €50,000 loss)—providing precise, measurable data that can be used for detailed cost-benefit analysis and statistical modeling.
|
||||
|
||||
Clause 6.1.2 writes we should "assess the potential consequences" and "realistic likelihood" of risks occurring, but the standard doesn't say anything about *how* these should be established (just that that the chosen method must produce "consistent, valid and comparable results").
|
||||
|
||||
The core _requirements_ in ISO/IEC 27001 remain method-agnostic as long as the steps above are met and results are consistent and comparable.
|
||||
|
||||
The organization must set its own criteria for determining risk levels and risk acceptance criteria. The organization defines these elements based on its specific needs, size, structure, objectives, and risks.
|
||||
|
||||
The standard does not say anything about if qualitative or quantitative risk assessment should be applied.
|
||||
|
|
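Review bot: the opening of this note is missing from the hunk: the heading line stops at `# About Clause 6.1.2: I`, the Chapter 6 index table follows, and the text only resumes mid-word at `rity investments will deliver the most value`, so verify the renamed copy carries the full introduction up to the ISO 31000 sentence. In that sentence `#research title?` is an unresolved TODO about what ISO 31000 actually recommends and should be resolved or removed before this is treated as guidance. In the body, `long-level organizational goals` under Strategic should read `long-term`, `just that that the chosen method` doubles `that`, and `## qualifying or quantifying risks?` is the only lowercase heading in the note. The quantitative example already contains the two inputs of an annualized loss figure (15 % per year and €50,000 give €7,500 per year); stating that product would show the reader what "comparable results" under 6.1.2 looks like in practice.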
@ -1,6 +0,0 @@
|
|||
# 6.1.3 Information security risk treatment
|
||||
|
||||
- [Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.1.3%20Information%20security%20risk%20treatment.md)
|
||||
- [[ISO_27001_PE 6.1.3 Information security risk treatment\|Plain English]]
|
||||
|
||||
[About the Statement of Applicability](../../../Drafts%20and%20Ideas/ISMS/About%20the%20Statement%20of%20Applicability.md)
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
## 6.1 Actions to address risks and opportunities
|
||||
|
||||
- [6.1.1 General](ISO_27001_2022_6.1.1_MoC%20General.md)
|
||||
- [6.1.2 Information security risk assessment](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md)
|
||||
- [6.1.3 Information security risk treatment](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md)
|
||||
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
# About Chapter 6.2: Information security objectives and planning to achieve them
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)
|
||||
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27001-2022-EN/ISO_27001_PE%206.2%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md)
|
||||
|
|
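Review bot: the heading `# About Chapter 6.2:` uses "Chapter" where the 8.2, 8.3 and 9.2 notes in this diff use "About Clause", and the Plain English link reaches into a sibling repository via `../../../../iso27DIY-gis/reference/Paraphrased/...`, which only resolves when that repository is checked out at exactly that relative location; either use the wikilink form the other notes use or vendor the paraphrase into this repo.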
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%206.3%20Planning%20of%20changes.md)
|
||||
|
||||
[[ISO_27001_PE 6.3 Planning of changes\|Plain English]]
|
||||
|
|
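Review bot: this note has no title heading at all, unlike the 6.2 note just above; the same applies to the 7.1 to 7.4, 8.1 and 9.1 stubs further down. A consistent `# About Clause x.y: ...` first line makes these findable in search and gives the renamed files a stable title independent of the file name.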
@ -1,10 +0,0 @@
|
|||
# Chapter 6: Planning
|
||||
|
||||
| **6** | **[Planning](ISO_27001_2022_6_MoC%20Planning.md)** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 6.1 | [Actions to address risks and opportunities ](ISO_27001_2022_6.1_MoC%20Actions%20to%20address%20risks%20and%20opportunities.md) |
|
||||
| 6.1.1 | [General ](ISO_27001_2022_6.1.1_MoC%20General.md) |
|
||||
| 6.1.2 | [Information security risk assessment ](ISO_27001_2022_6.1.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 6.1.3 | [Information security risk treatment ](ISO_27001_2022_6.1.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
| 6.2 | [Information security objectives and planning to achieve them ](ISO_27001_2022_6.2_MoC%20Information%20security%20objectives%20and%20planning%20to%20achieve%20them.md) |
|
||||
| 6.3 | [Planning of changes ](ISO_27001_2022_6.3_MoC%20Planning%20of%20changes.md) |
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.1%20Resources.md)
|
||||
|
||||
[[ISO_27001_PE 7.1 Resources\|Plain English]]
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.2%20Competence.md)
|
||||
|
||||
[[ISO_27001_PE 7.2 Competence\|Plain English]]
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.3%20Awareness.md)
|
||||
|
||||
[[ISO_27001_PE 7.3 Awareness\|Plain English]]
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.4%20Communication.md)
|
||||
|
||||
[[ISO_27001_PE 7.4 Communication\|Plain English]]
|
||||
|
|
@ -1,13 +0,0 @@
|
|||
### 7.5.1 General
|
||||
|
||||
The organization's information security management system shall include:
|
||||
|
||||
a\) documented information required by this document; and
|
||||
|
||||
b\) documented information determined by the organization as being necessary for the effectiveness of the information security management system.
|
||||
|
||||
NOTE The extent of documented information for an information security management system can differ from one organization to another due to:
|
||||
1\) the size of organization and its type of activities, processes, products and services;
|
||||
2\) the complexity of processes and their interactions; and
|
||||
3\) the competence of persons.
|
||||
|
||||
|
|
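Review bot: this note, and the 7.5.2 and 7.5.3 hunks below, embed the clause text of the standard verbatim instead of linking to the OST note with `[Original Text](../ISO-27001-OST/...)` the way every other MoC file in this diff does, so the same normative text lives in two places and can drift apart when one copy is corrected; the renamed replacement should link rather than copy. If the text is kept, preserve the distinction the standard draws between requirement items a) and b) and the informative NOTE items 1) to 3).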
@ -1,10 +0,0 @@
|
|||
### 7.5.2 Creating and updating
|
||||
|
||||
When creating and updating documented information the organization shall ensure appropriate:
|
||||
|
||||
a\) identification and description (e.g. a title, date, author, or reference number);
|
||||
|
||||
b\) format (e.g. language, software version, graphics) and media (e.g. paper, electronic); and
|
||||
|
||||
c\) review and approval for suitability and adequacy.
|
||||
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
### 7.5.3 Control of documented information
|
||||
|
||||
Documented information required by the information security management system and by this document shall be controlled to ensure:
|
||||
|
||||
a\) it is available and suitable for use, where and when it is needed; and
|
||||
|
||||
b\) it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of integrity).
|
||||
|
||||
For the control of documented information, the organization shall address the following activities, as applicable:
|
||||
|
||||
c\) distribution, access, retrieval and use;
|
||||
|
||||
d\) storage and preservation, including the preservation of legibility;
|
||||
|
||||
e\) control of changes (e.g. version control); and
|
||||
|
||||
f\) retention and disposition.
|
||||
|
||||
Documented information of external origin, determined by the organization to be necessary for the planning and operation of the information security management system, shall be identified as appropriate, and controlled.
|
||||
|
||||
NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information, etc.
|
||||
|
|
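Review bot: item e) `control of changes (e.g. version control)` applies to this commit itself: every moved note appears in the diff as a full deletion, so `git log` on the new file names shows no history unless rename detection matches the old content. Check the affected paths with `git log --follow` or `git diff -M`, and where content changed enough to defeat detection, say so in the commit message so the history of this documented information stays traceable.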
@ -1,7 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%207.5%20Documented%20information.md)
|
||||
|
||||
[[ISO_27001_PE 7.5 Documented information\|Plain English]]
|
||||
|
||||
- [7.5.1 General](ISO_27001_2022_7.5.1_MoC%20General.md)
|
||||
- [7.5.2 Creating and updating](ISO_27001_2022_7.5.2_MoC%20Creating%20and%20updating.md)
|
||||
- [7.5.3 Control of documented information](ISO_27001_2022_7.5.3_MoC%20Control%20of%20documented%20information.md)
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
# Chapter 7: Support
|
||||
|
||||
| **7** | **[Support](ISO_27001_2022_7_MoC%20Support.md)** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 7.1 | [ Resources ](ISO_27001_2022_7.1_MoC%20Resources.md) |
|
||||
| 7.2 | [ Competence ](ISO_27001_2022_7.2_MoC%20Competence.md) |
|
||||
| 7.3 | [ Awareness ](ISO_27001_2022_7.3_MoC%20Awareness.md) |
|
||||
| 7.4 | [ Communication ](ISO_27001_2022_7.4_MoC%20Communication.md) |
|
||||
| 7.5 | [ Documented information ](ISO_27001_2022_7.5_MoC%20Documented%20information.md) |
|
||||
| 7.5.1 | General ↑ |
|
||||
| 7.5.2 | Creating and updating ↑ |
|
||||
| 7.5.3 | Control of documented information ↑ |
|
||||
|
|
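Review bot: the row link texts carry leading and trailing spaces (`[ Resources ]`, `[ Documented information ]`), and rows 7.5.1 to 7.5.3 show `General ↑` instead of a link even though the 7.5 index hunk just above links the same notes (`ISO_27001_2022_7.5.1_MoC%20General.md`); link those rows or drop the arrow so the table has one convention.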
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.1%20Operational%20planning%20and%20control.md)
|
||||
|
||||
[[ISO_27001_PE 8.1 Operational planning and control\|Plain English]]
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# About Clause 8.2: Information security risk assessment
|
||||
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.2%20Information%20security%20risk%20assessment.md)
|
||||
|
||||
[[ISO_27001_PE 8.2 Information security risk assessment\|Plain English]]
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Clause 8.3: Information security risk treatment
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%208.3%20Information%20security%20risk%20treatment.md)
|
||||
|
||||
[[ISO_27001_PE 8.3 Information security risk treatment\|Plain English]]
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
# Chapter 8: Operation
|
||||
|
||||
| **8** | **[Operation](ISO_27001_2022_8_MoC%20Operation.md)** |
|
||||
| ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 8.1 | [Operational planning and control ](ISO_27001_2022_8.1_MoC%20Operational%20planning%20and%20control.md) |
|
||||
| 8.2 | [Information security risk assessment ](ISO_27001_2022_8.2_MoC%20Information%20security%20risk%20assessment.md) |
|
||||
| 8.3 | [Information security risk treatment ](ISO_27001_2022_8.3_MoC%20Information%20security%20risk%20treatment.md) |
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.1%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md)
|
||||
|
||||
[[ISO_27001_PE 9.1 Monitoring, measurement, analysis and evaluation\|Plain English]]
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Clause 9.2: Internal audit
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.2%20Internal%20audit.md)
|
||||
[[ISO_27001_PE 9.2 Internal audit\|Plain English]]
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# 9.3 Management review
|
||||
|
||||
[Original Text](../ISO-27001-OST/ISO27001-EN-2022/ISO_27001_OT%209.3%20Management%20review.md)
|
||||
[[ISO_27001_PE 9.3 Management review\|Plain English]]
|
||||
|
||||
|
|
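Review bot: the heading `# 9.3 Management review` does not match `# About Clause 9.2: Internal audit` in the hunk above or `# About Clause 8.2: Information security risk assessment` earlier, and the Chapter 9 index below lists 9.2.1, 9.2.2 and 9.3.1 to 9.3.3 with `↑` markers that link nowhere; align the headings and either link or drop the sub-clause rows.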
@ -1,12 +0,0 @@
|
|||
# Chapter 9: Performance evaluation
|
||||
|
||||
| **9** | **[Performance evaluation](ISO_27001_2022_9_MoC%20Performance%20evaluation.md)** |
|
||||
| ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
| 9.1 | [Monitoring, measurement, analysis and evaluation ](ISO_27001_2022_9.1_MoC%20Monitoring,%20measurement,%20analysis%20and%20evaluation.md) |
|
||||
| 9.2 | [Internal audit ](ISO_27001_2022_9.2_MoC%20Internal%20audit.md) |
|
||||
| 9.2.1 | General ↑ |
|
||||
| 9.2.2 | Internal audit programme ↑ |
|
||||
| 9.3 | [Management review ](ISO_27001_2022_9.3_MoC%20Management%20review.md) |
|
||||
| 9.3.1 | General ↑ |
|
||||
| 9.3.2 | Management review inputs ↑ |
|
||||
| 9.3.3 | Management review results ↑ |
|
||||
|
|
@ -1,94 +0,0 @@
|
|||
#iso27002/2022/EN
|
||||
5.1 Policies for information security
|
||||
5.2 Information security roles and responsibilities
|
||||
5.3 Segregation of duties
|
||||
5.4 Management responsibilities
|
||||
5.5 Contact with authorities
|
||||
5.6 Contact with special interest groups
|
||||
5.7 Threat intelligence
|
||||
5.8 Information security in project management
|
||||
5.9 Inventory of information and other associated assets
|
||||
5.10 Acceptable use of information and other associated assets
|
||||
5.11 Return of assets
|
||||
5.12 Classification of information
|
||||
5.13 Labelling of information
|
||||
5.14 Information transfer
|
||||
5.15 Access control
|
||||
5.16 Identity management
|
||||
5.17 Authentication information
|
||||
5.18 Access rights
|
||||
5.19 Information security in supplier relationships
|
||||
5.20 Addressing information security within supplier agreements
|
||||
5.21 Managing information security in the ICT supply chain
|
||||
5.22 Monitoring, review and change management of supplier services
|
||||
5.23 Information security for use of cloud services
|
||||
5.24 Information security incident management planning and preparation
|
||||
5.25 Assessment and decision on information security events
|
||||
5.26 Response to information security incidents
|
||||
5.27 Learning from information security incidents
|
||||
5.28 Collection of evidence
|
||||
5.29 Information security during disruption
|
||||
5.30 ICT readiness for business continuity
|
||||
5.31 Legal, statutory, regulatory and contractual requirements
|
||||
5.32 Intellectual property rights
|
||||
5.33 Protection of records
|
||||
5.34 Privacy and protection of PII
|
||||
5.35 Independent review of information security
|
||||
5.36 Compliance with policies, rules and standards for information security
|
||||
5.37 Documented operating procedures
|
||||
6.1 Screening
|
||||
6.2 Terms and conditions of employment
|
||||
6.3 Information security awareness, education and training
|
||||
6.4 Disciplinary process
|
||||
6.5 Responsibilities after termination or change of employment
|
||||
6.6 Confidentiality or non-disclosure agreements
|
||||
6.7 Remote working
|
||||
6.8 Information security event reporting
|
||||
7.1 Physical security perimeters
|
||||
7.2 Physical entry
|
||||
7.3 Securing offices, rooms and facilities
|
||||
7.4 Physical security monitoring
|
||||
7.5 Protecting against physical and environmental threats
|
||||
7.6 Working in secure areas
|
||||
7.7 Clear desk and clear screen
|
||||
7.8 Equipment siting and protection
|
||||
7.9 Security of assets off-premises
|
||||
7.10 Storage media
|
||||
7.11 Supporting utilities
|
||||
7.12 Cabling security
|
||||
7.13 Equipment maintenance
|
||||
7.14 Secure disposal or re-use of equipment
|
||||
8.1 User endpoint devices
|
||||
8.2 Privileged access rights
|
||||
8.3 Information access restriction
|
||||
8.4 Access to source code
|
||||
8.5 Secure authentication
|
||||
8.6 Capacity management
|
||||
8.7 Protection against malware
|
||||
8.8 Management of technical vulnerabilities
|
||||
8.9 Configuration management
|
||||
8.10 Information deletion
|
||||
8.11 Data masking
|
||||
8.12 Data leakage prevention
|
||||
8.13 Information backup
|
||||
8.14 Redundancy of information processing facilities
|
||||
8.15 Logging
|
||||
8.16 Monitoring activities
|
||||
8.17 Clock synchronization
|
||||
8.18 Use of privileged utility programs
|
||||
8.19 Installation of software on operational systems
|
||||
8.20 Networks security
|
||||
8.21 Security of network services
|
||||
8.22 Segregation of networks
|
||||
8.23 Web filtering
|
||||
8.24 Use of cryptography
|
||||
8.25 Secure development life cycle
|
||||
8.26 Application security requirements
|
||||
8.27 Secure system architecture and engineering principles
|
||||
8.28 Secure coding
|
||||
8.29 Security testing in development and acceptance
|
||||
8.30 Outsourced development
|
||||
8.31 Separation of development, test and production environments
|
||||
8.32 Change management
|
||||
8.33 Test information
|
||||
8.34 Protection of information systems during audit testing
|
||||
|
|
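Review bot: this 94-line file is the only flat list of all 93 ISO/IEC 27002:2022 control titles in the diff (37 organizational, 8 people, 14 physical, 34 technological) and carries just the `#iso27002/2022/EN` tag with no links to the per-control notes; if it is dropped rather than renamed, the control notes below lose their only overview, so keep it under the new name with each line linked to its `a-x.y-...` note, or replace it with a generated index.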
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.10-Acceptable-use-of-information-and-other-associated-assets.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.10_PE%20Acceptable%20use%20of%20information%20and%20other%20associated%20assets.md)
|
||||
ISO 27002:2013: 08.1.3, 08.2.3
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.10-Aanvaardbaar-gebruik-van-informatie-en-andere-gerelateerde-bedrijfsmiddelen.md)
|
||||
|
|
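Review bot: the commit message says "renamed 27001 EN versions", but from this hunk onward the diff deletes ISO 27002 control notes (5.10 through 5.37), each carrying both an English `[Original Text]` and a Dutch `[Brontekst]` link; either widen the message to cover 27002 or split these into their own commit, and since they appear as deletions rather than renames, confirm each one reappears under its new name.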
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.11-Return-of-assets.md)
|
||||
[[ISO_27002_2022_5.11_PE Return of assets \|Plain English]]
|
||||
ISO 27002:2013: 08.1.4
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.11-Retourneren-van-bedrijfsmiddelen.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.12-Classification-of-information.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.12_PE%20Classification%20of%20information.md)
|
||||
ISO 27002:2013: 08.2.1
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.12-Classificeren-van-informatie.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.13-Labelling-of-information.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.13_PE%20Labelling%20of%20information.md)
|
||||
ISO 27002:2013: 08.2.2
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.13-Labelen-van-informatie.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.14-Information-transfer.md)
|
||||
[[ISO_27002_2022_5.14_PE Information transfer \|Plain English]]
|
||||
ISO 27002:2013: 13.2.1, 13.2.2, 13.2.3
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.14-Overdragen-van-informatie.md)
|
||||
|
|
@ -1,7 +0,0 @@
|
|||
# About Control 5.15: Access control
|
||||
|
||||
Foundational rules and principles to control access to information assets, in line with business and information security requirements.
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.15-Access-control.md)
|
||||
[[ISO_27002_2022_5.15_PE Access control \|Plain English]]
|
||||
ISO 27002:2013: 09.1.1, 09.1.2
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# About Control 5.16: Identity management
|
||||
|
||||
Identity life cycle management.
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.16-Identity-management.md)
|
||||
[[ISO_27002_2022_5.16_PE Identity management \|Plain English]]
|
||||
ISO 27002:2013: 09.2.1
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.16-Identiteitsbeheer.md)
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
# About Control 5.17: Authentication information
|
||||
|
||||
Managing authentication information, including advising personnel on how to handle authentication information.
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.17-Authentication-information.md)
|
||||
[[ISO_27002_2022_5.17_PE Authentication information \|Plain English]]
|
||||
ISO 27002:2013: 09.2.4, 09.3.1, 09.4.3
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.17-Beheren-van-authenticatie-informatie.md)
|
||||
[Normaal Nederlands](../ISO-27002-OST/ISO27002-NL-2022/ISO_27002_2022_NL_5.17_NN%20Beheren%20van%20authenticatie-informatie.md)
|
||||
|
||||
|
||||
|
||||
[Sterke wachtwoorden in 2024](../../../../🎇%20Sparks/Sterke%20wachtwoorden%20in%202024.md)
|
||||
|
||||
**NCSC over authenticeren**
|
||||
- [Authenticatie als onderdeel van Digitale Weerbaarheid](https://www.ncsc.nl/wat-kun-je-zelf-doen/weerbaarheid/beschermen/authenticatie)
|
||||
- [NCSC Infosheet Volwassen Authenticeren](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Infosheet%20Volwassen%20Authenticeren.md)
|
||||
- [NCSC_Factsheet_Volwassen_Authenticeren](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC_Factsheet_Volwassen_Authenticeren.md)
|
||||
- [NCSC Factsheet Gebruik Tweefactorauthenticatie](../../../../👩🏼⚖️%20Standards%20and%20Regulations/NCSC/NCSC%20Factsheet%20Gebruik%20Tweefactorauthenticatie.md)
|
||||
- [Choosing the right type](https://www.ncsc.gov.uk/guidance/authentication-methods-choosing-the-right-type)
|
||||
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# About Control 5.18: Access rights
|
||||
|
||||
Access rights management procedures (provisioning, review, modification and removal) in line with business rules for access control (from [A5.15](ISO_27002_2022_5.15_MoC%20Access%20control.md)).
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.18-Access-rights.md)
|
||||
[[ISO_27002_2022_5.18_PE Access rights \|Plain English]]
|
||||
ISO 27002:2013: 09.2.2, 09.2.5, 09.2.6
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.18-Toegangsrechten.md)
|
||||
|
|
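Review bot: the cross-reference `[A5.15](ISO_27002_2022_5.15_MoC%20Access%20control.md)` points at the 5.15 note under its old file name, and that note is deleted three hunks up in this same diff, so the link dangles the moment the commit lands; retarget it to the renamed 5.15 note, and grep the remaining notes for other `_MoC%20` references before merging.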
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.19-Information-security-in-supplier-relationships.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.19_PE%20Information%20security%20in%20supplier%20relationships.md)
|
||||
ISO 27002:2013: 15.1.1
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.19-Informatiebeveiliging-in-leveranciersrelaties.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.20-Addressing-information-security-within-supplier-agreements.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.20_PE%20Addressing%20information%20security%20within%20supplier%20agreements.md)
|
||||
ISO 27002:2013: 15.1.2
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.20-Adresseren-van-informatiebeveiliging-in-leveranciersovereenkomsten.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.21-Managing-information-security-in-the-ICT-supply-chain.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.21_PE%20Managing%20information%20security%20in%20the%20ICT%20supply%20chain.md)
|
||||
ISO 27002:2013: 15.1.3
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.21-Beheren-van-informatiebeveiliging-in-de-ICT-keten.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.22-Monitoring-review-and-change-management-of-supplier-services.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.22_PE%20Monitoring,%20review%20and%20change%20management%20of%20supplier%20services.md)
|
||||
ISO 27002:2013: 15.2.1, 15.2.2
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.22-Monitoren-beoordelen-en-het-beheren-van-wijzigingen-van-leveranciersdiensten.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.23-Information-security-for-use-of-cloud-services.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.23_PE%20Information%20security%20for%20use%20of%20cloud%20services.md)
|
||||
ISO 27002:2013: n/a
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.23-Informatiebeveiliging-voor-het-gebruik-van-clouddiensten.md)
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Control 5.24: Information security incident management planning and preparation
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.24-Information-security-incident-management-planning-and-preparation.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)
|
||||
ISO 27002:2013: 16.1.1
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Control 5.25: Assessment and decision on information security events
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.25-Assessment-and-decision-on-information-security-events.md)
|
||||
[[ISO_27002_2022_5.25_PE Assessment and decision on information security events \|Plain English]]
|
||||
ISO 27002:2013: 16.1.4
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Control 5.26: Response to information security incidents
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.26-Response-to-information-security-incidents.md)
|
||||
[[ISO_27002_2022_5.26_PE Response to information security incidents \|Plain English]]
|
||||
ISO 27002:2013: 16.1.5
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Control 5.27: Learning from information security incidents
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.27-Learning-from-information-security-incidents.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.27_PE%20Learning%20from%20information%20security%20incidents.md)
|
||||
ISO 27002:2013: 16.1.6
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# About Control 5.28: Collection of evidence
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.28-Collection-of-evidence.md)
|
||||
[[ISO_27002_2022_5.28_PE Collection of evidence \|Plain English]]
|
||||
ISO 27002:2013: 16.1.7
|
||||
|
||||
|
|
@ -1,8 +0,0 @@
|
|||
# About Control 5.29: Information security during disruption
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.29-Information-security-during-disruption.md)
|
||||
[[ISO_27002_2022_5.29_PE Information security during disruption \|Plain English]]
|
||||
ISO 27002:2013: 17.1.1, 17.1.2, 17.1.3
|
||||
|
||||
[Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.2-Information-security-roles-and-responsibilities.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.2_PE%20Information%20security%20roles%20and%20responsibilities.md)
|
||||
ISO 27002:2013: 06.1.1
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.2-Rollen-en-verantwoordelijkheden-bij-informatiebeveiliging.md)
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.30-ICT-readiness-for-business-continuity.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.30_PE%20ICT%20readiness%20for%20business%20continuity.md)
|
||||
ISO 27002:2013: n/a
|
||||
|
||||
[Brontekst](../ISO-27002-OST/ISO27002-NL-2022/a-5.30-ICT-gereedheid-voor-bedrijfscontinuiteit.md)
|
||||
|
||||
|
||||
See also:
|
||||
- [BCP_Bedrijfscontinuïteitsplanning](../../../../📚️%20Literature%20notes/BCP_Bedrijfscontinuïteitsplanning.md)
|
||||
- [Business Impact Analysis (BIA)](../../../../🎇%20Sparks/Business%20Impact%20Analysis%20(BIA).md)
|
||||
- [Disaster Recovery Planning](../../../../🎇%20Sparks/Disaster%20Recovery%20Planning.md)
|
||||
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.31-Legal-statutory-regulatory-and-contractual-requirements.md)
|
||||
[[ISO_27002_2022_5.31_PE Legal, statutory, regulatory and contractual requirements \|Plain English]]
|
||||
ISO 27002:2013: 18.1.1, 18.1.5
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.32-Intellectual-property-rights.md)
|
||||
[Plain English](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.32_PE%20Intellectual%20property%20rights.md)
|
||||
ISO 27002:2013: 18.1.2
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
# About 5.33: Protection of records
|
||||
|
||||
This Control is about the **control, purpose, and guidance for managing and protecting organizational records** to ensure their authenticity, integrity, availability, and compliance with various requirements over time.
|
||||
|
||||
I would say: record keeping procedures, in line with legal and other requirements.
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.33-Protection-of-records.md)
|
||||
[[ISO_27002_2022_5.33_PE Protection of records \|Plain English]]
|
||||
ISO 27002:2013: 18.1.3
|
||||
|
|
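Review bot: the heading `# About 5.33:` drops the word "Control" that every neighbouring heading uses (`# About Control 5.34:` etc.), and the first-person `I would say:` line sits between the summary and the reference links where a reader expects the links; move the gloss under its own short heading or fold it into the summary sentence.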
@ -1,4 +0,0 @@
|
|||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.34-Privacy-and-protection-of-PII.md)
|
||||
[[ISO_27002_2022_5.34_PE Privacy and protection of PII \|Plain English]]
|
||||
ISO 27002:2013: 18.1.4
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
# About Control 5.35: Independent review of information security
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.35-Independent-review-of-information-security.md)
|
||||
[[ISO_27002_2022_5.35_PE Independent review of information security \|Plain English]]
|
||||
|
||||
ISO 27002:2013: 18.2.1
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
# About Control 5.36: Compliance with policies, rules and standards for information security
|
||||
|
||||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.36-Compliance-with-policies-rules-and-standards-for-information-security.md)
|
||||
[[ISO_27002_2022_5.36_PE Compliance with policies, rules and standards for information security \|Plain English]]
|
||||
ISO 27002:2013: 18.2.2, 18.2.3
|
||||
|
|
@ -1,6 +0,0 @@
|
|||
[Original Text](../ISO-27002-OST/ISO27002-EN-2022/a-5.37-Documented-operating-procedures.md)
|
||||
|
||||
[[ISO_27002_2022_5.37_PE Documented operating procedures \|Plain English]]
|
||||
ISO 27002:2013: 12.1.1
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff.